CVE-2025-9010 | itsourcecode Online Tour and Travel Management System 1.0 booking_report.php from_date sql injection

Inserito da Angelo Barbosa | Ago 13, 2025 | CVE

A vulnerability classified as critical was found in itsourcecode Online Tour and Travel Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/booking_report.php. The manipulation of the argument from_date leads to sql injection.

This vulnerability is known as CVE-2025-9010. The attack can be launched remotely. Furthermore, there is an exploit available.

CVE-2025-9010 | itsourcecode Online Tour and Travel Management System 1.0 booking_report.php from_date sql injection

Post correlati

CVE-2024-33071 | Qualcomm Snapdragon Auto MDM9628/QCA6564A/QCA6564AU/QCA6574A/QCA6574AU MBSSID IE buffer over-read

CVE-2024-3468 | AVEVA PI Web API prior 2023 SP1 API XML Import deserialization (icsa-24-163-02)

CVE-2024-12362 | InvoicePlane up to 1.6.1 invoices.php download invoice path traversal

CVE-2024-6948 | Gargaj wuhu up to 3faad49bfcc3895e9ff76a591d05c8941273d120 Slide Editor /slideeditor.php newSlideFile unrestricted upload